公开(公告)号：US20220382859A1

公开(公告)日：2022-12-01

申请号：US17330098

申请日：2021-05-25

Applicant: International Business Machines Corporation

Inventor： Ying-Chen Yu ,  June-Ray Lin ,  Ci-Hao Wu ,  Pao-Chuan Liao

IPC: G06F21/55 ,  G06F21/54 ,  G06F21/56 ,  G06F21/60

Abstract: An approach to workflow management in response to a detected security incident in a computer system. The approach may include an inference driven response based on prior artifacts. The inference driven response may predict the condition of the system and the outcomes of actions in response to the security incident. The predictions made by the inference drive response may be based on a machine learning model. The inference driven response may pause or prevent scheduled actions of the system based on the predictions. The inference driven response may continue to monitor the system and dynamically update its predictions for the condition of the system. In response to the updated predictions, the inference driven response may cancel or execute the previously scheduled actions of the system.

公开(公告)号：US12147537B2

公开(公告)日：2024-11-19

申请号：US18536736

申请日：2023-12-12

Applicant: International Business Machines Corporation

Inventor： Yu-Siang Chen ,  Ci-Hao Wu ,  Ying-Chen Yu ,  Pao-Chuan Liao ,  June-Ray Lin

IPC: G06F21/00 ,  G06F21/56 ,  G06N5/02 ,  G06N5/04

Abstract: A malware family identification engine constructs a graph data structure of direct relationships between malware instances and malware families, direct relationships between malware instances and detected tags, and indirect relationships between detected tags and malware families. The engine builds a dictionary data structure comprising detected tag entries linking each detected tag to one or more malware family nodes based on the graph data structure. The engine identifies significant indirect entities (SIEs) within the detected tag entries of the dictionary data structure and selects a SIE with a highest number of out-going links (OGLs) as a root node in a family tree data structure, recursively connects SIEs with a number of OGLs less than the highest number of OGLs to the root node in the family tree data structure, and converts each SIE name in the family tree data structure to a chained family entity name in the family tree data structure.

公开(公告)号：US10922366B2

公开(公告)日：2021-02-16

申请号：US15936666

申请日：2018-03-27

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION

Inventor： Chen-Yu Huang ,  Sheng-Wei Lee ,  June-Ray Lin ,  Ci-Hao Wu ,  Hsieh-Lung Yang ,  Ying-Chen Yu

IPC: G06F16/951 ,  G06F16/958 ,  H04L29/08 ,  G06F40/103 ,  G06F16/9535 ,  G06F16/33 ,  G06F40/279

Abstract: A method, computer system, and a computer program product for crawling and extracting main content from a web page is provided. The present invention may include retrieving a HTML document associated with a web page. The present invention may then include identifying at least one entry point located in the retrieved HTML document by utilizing a self-adaptive entry point locator. The present invention may also include extracting a main content article associated with the retrieved HTML document based on the identified at least one entry point. The present invention may further include presenting the extracted main content associated with the retrieved HTML document to the user.

公开(公告)号：US11790082B2

公开(公告)日：2023-10-17

申请号：US17330098

申请日：2021-05-25

Applicant: International Business Machines Corporation

Inventor： Ying-Chen Yu ,  June-Ray Lin ,  Ci-Hao Wu ,  Pao-Chuan Liao

IPC: G06F21/55 ,  G06F21/60 ,  G06F21/56 ,  G06F21/54

CPC classification number: G06F21/554 ,  G06F21/54 ,  G06F21/566 ,  G06F21/602

Abstract: An approach to workflow management in response to a detected security incident in a computer system. The approach may include an inference driven response based on prior artifacts. The inference driven response may predict the condition of the system and the outcomes of actions in response to the security incident. The predictions made by the inference drive response may be based on a machine learning model. The inference driven response may pause or prevent scheduled actions of the system based on the predictions. The inference driven response may continue to monitor the system and dynamically update its predictions for the condition of the system. In response to the updated predictions, the inference driven response may cancel or execute the previously scheduled actions of the system.

公开(公告)号：US11663402B2

公开(公告)日：2023-05-30

申请号：US16934220

申请日：2020-07-21

Applicant: International Business Machines Corporation

Inventor： Chao-Min Chang ,  Kuei-Ching Lee ,  Ci-Hao Wu ,  Chia-Heng Lin

IPC: G06F40/242 ,  G06F40/295 ,  G06F40/58

CPC classification number: G06F40/242 ,  G06F40/295 ,  G06F40/58

Abstract: An approach for a fast and accurate word embedding model, “desc2vec,” for out-of-dictionary (OOD) words with a model learning from the dictionary descriptions of the word is disclosed. The approach includes determining that a target text element is not in a set of reference text elements, information describing the target text element is obtained. The information comprises a set of descriptive text elements. A set of vectorized representations for the set of descriptive text elements is determined. A target vectorized representation for the target text element is determined based on the set of vectorized representations using a machine learning model. The machine learning model is trained to represent a predetermined association between the set of vectorized representations for the set of descriptive text elements describing the target text element and the target vectorized representation.

公开(公告)号：US20200125681A1

公开(公告)日：2020-04-23

申请号：US16167653

申请日：2018-10-23

Applicant: International Business Machines Corporation

Inventor： June-Ray Lin ,  Curtis CH Wei ,  Hsieh-Lung Yang ,  Ying-Chen Yu ,  Chia-Heng Lin ,  Ci-Hao Wu ,  Chen-Yu Huang ,  Kuei-Ching Lee

IPC: G06F17/30 ,  G06K9/62

Abstract: A method, computer program product, and computing system device for receiving, on a computing device, a plurality of webpages. At least one webpage may be filtered from the plurality of webpages into at least one set of webpages using a decision tree algorithm. At least one remaining webpage may be filtered from the plurality of webpages into the at least one set of webpages using a supported vector machine (SVM) algorithm.

公开(公告)号：US20240176880A1

公开(公告)日：2024-05-30

申请号：US18536736

申请日：2023-12-12

Applicant: International Business Machines Corporation

Inventor： Yu-Siang Chen ,  Ci-Hao Wu ,  Ying-Chen Yu ,  Pao-Chuan Liao ,  June-Ray Lin

IPC: G06F21/56 ,  G06N5/02 ,  G06N5/04

CPC classification number: G06F21/561 ,  G06F21/568 ,  G06N5/02 ,  G06N5/04

Abstract: A malware family identification engine constructs a graph data structure of direct relationships between malware instances and malware families, direct relationships between malware instances and detected tags, and indirect relationships between detected tags and malware families. The engine builds a dictionary data structure comprising detected tag entries linking each detected tag to one or more malware family nodes based on the graph data structure. The engine identifies significant indirect entities (SIEs) within the detected tag entries of the dictionary data structure and selects a SIE with a highest number of out-going links (OGLs) as a root node in a family tree data structure, recursively connects SIEs with a number of OGLs less than the highest number of OGLs to the root node in the family tree data structure, and converts each SIE name in the family tree data structure to a chained family entity name in the family tree data structure.

公开(公告)号：US11899791B2

公开(公告)日：2024-02-13

申请号：US17489725

申请日：2021-09-29

Applicant: International Business Machines Corporation

Inventor： Yu-Siang Chen ,  Ci-Hao Wu ,  Ying-Chen Yu ,  Pao-Chuan Liao ,  June-Ray Lin

IPC: G06F21/00 ,  G06F21/56 ,  G06N5/04 ,  G06N5/02

CPC classification number: G06F21/561 ,  G06F21/568 ,  G06N5/02 ,  G06N5/04

Abstract: A malware family identification engine constructs a graph data structure of direct relationships between malware instances and malware families, direct relationships between malware instances and detected tags, and indirect relationships between detected tags and malware families. The engine builds a dictionary data structure comprising detected tag entries linking each detected tag to one or more malware family nodes based on the graph data structure. The engine identifies significant indirect entities (SIEs) within the detected tag entries of the dictionary data structure and selects a SIE with a highest number of out-going links (OGLs) as a root node in a family tree data structure, recursively connects SIEs with a number of OGLs less than the highest number of OGLs to the root node in the family tree data structure, and converts each SIE name in the family tree data structure to a chained family entity name in the family tree data structure.

公开(公告)号：US20230012202A1

公开(公告)日：2023-01-12

申请号：US17368627

申请日：2021-07-06

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION

Inventor： Ci-Hao Wu ,  June-Ray Lin ,  Cheng-Ta Lee

IPC: G06N5/04 ,  G06N7/00 ,  G06F16/901 ,  G06F21/56

Abstract: Graph computing over micro and macro views includes expanding, with a processor at run-time, a set of nodes to include a node generated in response to received data corresponding to an event query. A first inference of an inference ensemble is determined by traversing a base graph whose nodes are associated with a discriminant power that exceeds a predetermined entity threshold. A second inference of the inference ensemble is determined by traversing a micro-view graph whose nodes are selected based on a number of references that exceeds a predetermined reference threshold. A third inference of the inference ensemble is determined by traversing a macro-view graph having one or more committee nodes and computing for each committee node a macro-node vote and generating a response to the event query based on the inference ensemble.

公开(公告)号：US20230100947A1

公开(公告)日：2023-03-30

申请号：US17489725

申请日：2021-09-29

Applicant: International Business Machines Corporation

Inventor： Yu-Siang Chen ,  Ci-Hao Wu ,  Ying-Chen Yu ,  Pao-Chuan Liao ,  June-Ray Lin

IPC: G06F21/56 ,  G06N5/02 ,  G06N5/04

Abstract: A malware family identification engine constructs a graph data structure of direct relationships between malware instances and malware families, direct relationships between malware instances and detected tags, and indirect relationships between detected tags and malware families. The engine builds a dictionary data structure comprising detected tag entries linking each detected tag to one or more malware family nodes based on the graph data structure. The engine identifies significant indirect entities (SIEs) within the detected tag entries of the dictionary data structure and selects a SIE with a highest number of out-going links (OGLs) as a root node in a family tree data structure, recursively connects SIEs with a number of OGLs less than the highest number of OGLs to the root node in the family tree data structure, and converts each SIE name in the family tree data structure to a chained family entity name in the family tree data structure.